In our day-to-day job as TCP relationship therapists we regularly receive requests for a quick application health check in one of those turbocharged, high secure hybrid networks; each with their own habits and site effects due to the different security layers and service partners.
The rationale behind these requests is getting an understanding the impact these security layers and service parties have on the end-user experience and underlying application response times.
There are different ways of measuring the user experience and application response times. In this blog we focus on TCP session data utilizing network packets.
Capturing all the right packets
Doing a quick application health check and root-cause analysis requires a rock-solid foundation for capturing all the right packets. This is due to the high traffic volumes and the different security zones in a modern, hybrid infrastructure.
Once these packets are captured, they also need to be processed; ideally with a number cruncher (versus a packet cruncher) as it makes troubleshooting very effective and efficient!
Port mirroring versus tap-ing
The most popular method for capturing packets is port mirroring (aka port spanning). This method is available for physical and virtual network devices.
However, this requires network devices with filter capabilities to assure that the aggregated traffic volume doesn’t exceed the one-way capacity of the designated span/mirror port. Typically, network devices don’t have these type of filtering capabilities.
In addition, port mirroring/spanning probably results in additional delays on processing and forwarding packets.
As a result, to assure all the right packets are processed and captured in a timely manner, we strongly recommend network tap’s (Test Access Point) when connecting network sensors.
The full story
By requesting the full story you will learn how to setup a cost-effective, robust packet capture foundation for such a quick application health check. This includes detailed examples about connecting copper and fiber taps as well as a TCP number cruncher (aka network sensor).
